diff options
author | Egor Tensin <Egor.Tensin@gmail.com> | 2022-12-03 03:39:44 +0100 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2022-12-03 03:39:44 +0100 |
commit | 3c4941bb88ac6bcfd93e297a922be4b80b8991ea (patch) | |
tree | a569764896bfecd6c72d9c757bb5867cac690e7b /docker | |
parent | docker: refactor entrypoint.sh (diff) | |
download | cgitize-3c4941bb88ac6bcfd93e297a922be4b80b8991ea.tar.gz cgitize-3c4941bb88ac6bcfd93e297a922be4b80b8991ea.zip |
docker: chmod o-rwx the output directory
Diffstat (limited to 'docker')
-rw-r--r-- | docker/Dockerfile | 3 | ||||
-rwxr-xr-x | docker/entrypoint.sh | 8 | ||||
-rwxr-xr-x | docker/get_output_dir.py | 25 |
3 files changed, 35 insertions, 1 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index 08b7ad4..6bc6847 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -14,13 +14,14 @@ LABEL maintainer="Egor Tensin <Egor.Tensin@gmail.com>" RUN apk add --no-cache bash git openssh-client python3 tini COPY --from=build ["/deps", "/deps/"] -ENV PYTHONPATH="/deps" +ENV PYTHONPATH="/deps:/usr/src" ARG ssh_sock_dir=/ ARG ssh_sock_path="$ssh_sock_dir/ssh-agent.sock" ENV SSH_AUTH_SOCK "$ssh_sock_path" COPY ["docker/entrypoint.sh", "/"] +COPY ["docker/get_output_dir.py", "/"] COPY ["cgitize/", "/usr/src/cgitize/"] WORKDIR /usr/src diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 5674e36..61ecd1e 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -8,6 +8,13 @@ set -o errexit -o nounset -o pipefail readonly base_dir=/usr/src +readonly cfg_path=/etc/cgitize/cgitize.toml + +secure_repo_dir() { + local dir + dir="$( /get_output_dir.py -- "$cfg_path" )" + chmod -- o-rwx "$dir" +} schedule_to_cron() { local schedule @@ -55,6 +62,7 @@ setup_cron_task() { } main() { + secure_repo_dir setup_cron_task "$@" } diff --git a/docker/get_output_dir.py b/docker/get_output_dir.py new file mode 100755 index 0000000..9c21a72 --- /dev/null +++ b/docker/get_output_dir.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +from argparse import ArgumentParser +import sys + +from cgitize.config import Config + + +def parse_args(argv=None): + if argv is None: + argv = sys.argv[1:] + parser = ArgumentParser() + parser.add_argument('config', metavar='PATH', + help='config file path') + return parser.parse_args(argv) + + +def main(argv=None): + args = parse_args(argv) + cfg = Config.read(args.config) + print(cfg.main.output_dir) + + +if __name__ == '__main__': + main() |